Hello,
since yesterday I have been getting mails like these from postfix (see below).
I don't quite understand it; the mails should already be rejected here:
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit

These are the other smtpd settings:
smtpd_pw_server_security_options = login,gssapi,cram-md5
data_directory = /var/lib/postfix
smtpd_client_restrictions =
        permit_sasl_authenticated
        permit_mynetworks
        check_sender_access hash:/etc/postfix/whitelist
        reject_non_fqdn_hostname
        reject_unknown_reverse_client_hostname
        reject_rbl_client cbl.abuseat.org
        reject_rbl_client zen.spamhaus.org
        permit
smtpd_sender_restrictions = 
        check_sender_access regexp:/etc/postfix/tag_as_originating.re
        permit_mynetworks
        permit_sasl_authenticated
        permit_tls_clientcerts
        check_sender_access regexp:/etc/postfix/tag_as_foreign.re


These are the mails:

Content type: Spam
Internal reference code for the message is 57201-02/ghorrefFg9hP

First upstream SMTP client IP address: [83.19.178.206]
 cys206.internetdsl.tpnet.pl
According to a 'Received:' trace, the message apparently originated at:
 [61.8.92.97], Unknown [61.8.92.97]

Return-Path: <[email protected]>
From: Uk.HALIFAX.internet.msg-notify###!-!securespec...@at-my-bgtr-279882394343150-testtestnow-localhost.net
Message-ID: <[email protected]>
X-Mailer: Groupinculus
Subject: Fraudulent banking activity! [HLF-ID;87n- August2012]
Not quarantined.

The message WAS NOT relayed to:
<[email protected]>:
  250 2.7.0 Ok, discarded, id=57201-02 - SPAM

SpamAssassin report:
Spam detection software, running on the system "mcgregor.admilon.net", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
[email protected] for details.

Content preview:  Untitled Document We have detected fraudulent activity on
 your Halifax Internet banking account on 24/08/2012. For your protection,
 you must verify this activity before you can continue using your account.
 [...] 

Content analysis details:   (15.6 points, 25.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS records
0.0 FSL_HELO_NON_FQDN_1    FSL_HELO_NON_FQDN_1
0.9 DKIM_ADSP_NXDOMAIN     No valid author signature and domain not in DNS
2.4 TVD_PH_BODY_ACCOUNTS_PRE BODY: TVD_PH_BODY_ACCOUNTS_PRE
1.5 HTML_IMAGE_ONLY_20     BODY: HTML: images with 1600-2000 bytes of words
0.3 HTML_MESSAGE           BODY: HTML included in message
0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                           [score: 0.4904]
0.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                           above 50%
                           [cf: 100]
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                           [cf: 100]
4.0 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
0.0 HELO_NO_DOMAIN         Relay reports its domain incorrectly
0.0 TO_EQ_FM_HTML_ONLY     To == From and HTML only
0.0 TO_NO_BRKTS_NORDNS_HTML TO_NO_BRKTS_NORDNS_HTML
0.0 TO_EQ_FM_DIRECT_MX     To == From and direct-to-MX
1.7 TO_EQ_FM_HTML_DIRECT   To == From and HTML only, direct-to-MX
Return-Path: <[email protected]>
Received: from [83.19.178.206] (cys206.internetdsl.tpnet.pl [83.19.178.206])
        by mcgregor.admilon.net (Postfix) with ESMTPA id DA5C51D0A388
        for <[email protected]>; Sat, 25 Aug 2012 00:47:00 +0900 (JST)
X-GB-From: Uk.HALIFAX.internet.msg-notify###!-!securespec...@at-my-bgtr-279882394343150-testtestnow-localhost.net
X-OriginalArrivalTime: Fri, 24 Aug 2012 15:46:48 GMT
X-SEF-Processed: 5_0_0_116__9573_53_13_39_07_03
X-Mailer: Groupinculus
Subject: Fraudulent banking activity! [HLF-ID;87n- August2012]
To: [email protected]
X-GB-AV: none found (0 seconds)
X-GB-AS-summary: 10,1,0,d41d8cd98f00b204,d41d8cd98f00b204,[email protected],7834,3775,3425,3776,4070
X-GB-Rule: 40
X-TM-AS-Product-Ver: IMSS-faoggldegmhmu=7.1.0.4101-6.8.0.61.8.92.97-22055.450
From: Uk.HALIFAX.internet.msg-notify###!-!securespec...@at-my-bgtr-279882394343150-testtestnow-localhost.net
X-GB-AS: unknown, (score 10, 0 seconds)
X-MIMETrack: Itemize by SMTP Server on notes/Unitar(Release 8.5.2|Sat,Fri, 24 
Aug 2012 15:46:48 GMT GMT) at
X-TM-IMSS-Message-ID: <[email protected]>
1241;: $21412:$;21412;4;2142949;::$219429:::424204021
Received: from Unknown [61.8.92.97] by srv02.wicerhla.co.uk - SurfControl
        E-mail Filter (5.0.1); Fri, 24 Aug 2012 15:46:48 GMT
X-GB-To: [email protected]
X-imss-scan-details: No--0.158-5.0-18-1
Defensive: Filters
MIME-Version: -2.1
Message-ID: <[email protected]>
X-TM-AS-Result: No--0.730-5.0-31-1
Content-Type: text/html
Date: Fri, 24 Aug 2012 15:46:48 GMT
X-GB-Received: From ([email protected]) ---> ftp <---
X-Sender: Buuuucifer

Can I prevent this somehow?

Thanks, and have a nice weekend
Matthias
_______________________________________________
postfix-users mailing list
[email protected]
http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users
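
Added example, not part of the original post: the Received header that Postfix wrote in the report above says `with ESMTPA`, and in the RFC 3848 keywords the trailing `A` means the client completed SMTP AUTH. The sketch below reads that hop and reports which entry of the posted `smtpd_recipient_restrictions` list matches first. The function name, the `mynetworks` value and the recipient address are assumptions made for the example.

```python
import ipaddress
import re
from email.parser import HeaderParser

# The two Received headers from the report above; the recipient address is a
# constructed placeholder (the page shows it only in obfuscated form).
SAMPLE = (
    "Received: from [83.19.178.206] (cys206.internetdsl.tpnet.pl [83.19.178.206])\n"
    "        by mcgregor.admilon.net (Postfix) with ESMTPA id DA5C51D0A388\n"
    "        for <user@example.invalid>; Sat, 25 Aug 2012 00:47:00 +0900 (JST)\n"
    "Received: from Unknown [61.8.92.97] by srv02.wicerhla.co.uk - SurfControl\n"
    "        E-mail Filter (5.0.1); Fri, 24 Aug 2012 15:46:48 GMT\n"
    "Subject: Fraudulent banking activity! [HLF-ID;87n- August2012]\n"
)

# RFC 3848 "with" keywords: A = SMTP AUTH succeeded, S = STARTTLS was used.
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA"}
# Postfix hop format: (rdns [ip]) by <host> (Postfix) with <protocol> ...
HOP = re.compile(r"\((?P<rdns>\S+) \[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+"
                 r"by (?P<by>\S+) .*?\bwith (?P<proto>\w+)")


def first_matching_restriction(raw_headers, our_host, mynetworks):
    """Return (client_ip, protocol, verdict) for the hop recorded by our_host.

    Mirrors the order of the posted list: permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination, permit.
    """
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    for value in HeaderParser().parsestr(raw_headers).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m or m["by"].lower() != our_host.lower():
            continue  # hop written by another MTA, not trustworthy for this
        ip = ipaddress.ip_address(m["ip"])
        proto = m["proto"].upper()
        if proto in AUTH_PROTOCOLS:
            verdict = "permit_sasl_authenticated"
        elif any(ip in n for n in nets):
            verdict = "permit_mynetworks"
        else:
            verdict = "reject_unauth_destination, then permit"
        return str(ip), proto, verdict
    return None


if __name__ == "__main__":
    # mynetworks is an assumed value; the post does not show it.
    print(first_matching_restriction(SAMPLE, "mcgregor.admilon.net", ["127.0.0.0/8"]))
```

A `permit_sasl_authenticated` verdict for a client outside your own networks means the session logged in with valid SASL credentials; the `sasl_username=` field on the corresponding smtpd line in the Postfix log names the account to review.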